Scala Unsafe Open Redirect

Description

Detects unsafe URL redirects in Scala servlet applications where user-controlled input can be used to redirect users to arbitrary destinations. This vulnerability could allow attackers to create phishing attacks by redirecting users to malicious websites while appearing to come from a trusted domain.

Weakness:

156 - Uncontrolled external site redirect

Category: Deceptive Interactions

Detection Strategy

    Identifies calls to sendRedirect() method on HTTP servlet responses

    Checks if the redirect URL parameter comes from an untrusted source like user input

    Verifies the servlet HTTP libraries (javax.servlet.http or jakarta.servlet.http) are imported

    Confirms the redirect URL is not properly sanitized or validated before use

    Reports a vulnerability when an unsanitized user-controlled value is used directly in a redirect

Vulnerable code example

import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import java.io.IOException;

public class VulnerableRedirectServlet extends HttpServlet {
    protected void doGet(HttpServletRequest request, HttpServletResponse response) throws IOException {
        String url = request.getParameter("url");  // Source: Untrusted user input from URL parameter
        response.sendRedirect(url);  // Vulnerability: Direct use of unvalidated input in redirect
    }
}

✅ Secure code example

import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import java.io.IOException;
import java.util.Set;

public class SecureRedirectServlet extends HttpServlet {
    // Whitelist of allowed redirect destinations
    private static final Set<String> ALLOWED_URLS = Set.of("/home", "/dashboard", "/profile");

    protected void doGet(HttpServletRequest request, HttpServletResponse response) throws IOException {
        String url = request.getParameter("url");  // Source: Untrusted user input from URL parameter
        // Only an exact whitelist match is redirected; anything else falls back to a safe in-app default
        if (url != null && ALLOWED_URLS.contains(url)) {
            response.sendRedirect(url);
        } else {
            response.sendRedirect("/home");
        }
    }
}
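The exact-match whitelist above is the simplest fix. The following is an added Scala example (not code from the rule database) that goes a step further: it accepts any same-origin relative path under an allow-listed prefix while still rejecting the forms browsers may resolve to another host (absolute URLs, protocol-relative "//host", backslashes, CR/LF). The `SafeRedirect` object, the `next` parameter name and the allow-list values are assumptions made for the example.

```scala
import java.net.URI
import javax.servlet.http.{HttpServlet, HttpServletRequest, HttpServletResponse}
import scala.util.Try

// Hypothetical helper: returns Some(path) only for a same-origin, allow-listed path.
object SafeRedirect {
  // Constructed allow-list of in-app destinations; a real app supplies its own.
  private val AllowedPrefixes: Set[String] = Set("/home", "/dashboard", "/profile")
  val Fallback: String = "/home"

  def sanitize(target: String): Option[String] =
    Option(target).filter(_.nonEmpty).flatMap { t =>
      // Reject forms that browsers may resolve to another host, or that could
      // inject response headers: protocol-relative "//host", backslashes, CR/LF.
      val hostile = t.startsWith("//") || t.contains("\\") ||
        t.exists(c => c == '\r' || c == '\n')
      if (hostile) None
      else
        Try(new URI(t)).toOption
          // Any scheme or authority means an absolute or cross-origin target.
          .filter(u => u.getScheme == null && u.getAuthority == null)
          // Normalise so "/home/../admin" is judged as "/admin", not as "/home/...".
          .map(_.normalize())
          .filter { u =>
            val p = Option(u.getRawPath).getOrElse("")
            p.startsWith("/") && !p.startsWith("//") &&
              AllowedPrefixes.exists(a => p == a || p.startsWith(a + "/"))
          }
          // Rebuild from parsed parts so only the path and query reach sendRedirect.
          .map(u => u.getRawPath + Option(u.getRawQuery).map("?" + _).getOrElse(""))
    }
}

class SafeRedirectServlet extends HttpServlet {
  override def doGet(request: HttpServletRequest, response: HttpServletResponse): Unit = {
    // "next" is a hypothetical parameter name; unparseable or off-site values fall back.
    val target = SafeRedirect.sanitize(request.getParameter("next"))
      .getOrElse(SafeRedirect.Fallback)
    response.sendRedirect(target)
  }
}
```

With this helper, `/dashboard?tab=2` is passed through, while `https://evil.example`, `//evil.example`, `/\evil.example` and `/home/../admin` all fall back to `/home`.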